Update test certificates; add script to generate new certs

generate_test_certs.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# https://www.postgresql.org/docs/current/ssl-tcp.html#SSL-CERTIFICATE-CREATION
+
+DATADIR=test/data
+ROOT_SUBJ="/CN=epgsql CA"
+EPGSQL_SUBJ="/CN=epgsql_test_cert"
+set -x
+
+# generate root key
+openssl genrsa -out ${DATADIR}/root.key 2048
+# generate root cert
+openssl req -new -x509 -text -days 3650 -key ${DATADIR}/root.key -out ${DATADIR}/root.crt -subj "$ROOT_SUBJ"
+
+# generate client/server key
+openssl genrsa -out ${DATADIR}/epgsql.key 2048
+# generate client/server signature request
+openssl req -new -key ${DATADIR}/epgsql.key -out ${DATADIR}/epgsql.csr -subj "$EPGSQL_SUBJ"
+# create signed client/server cert
+openssl x509 -req -text -days 3650 -in ${DATADIR}/epgsql.csr -CA ${DATADIR}/root.crt -CAkey ${DATADIR}/root.key -CAcreateserial -out ${DATADIR}/epgsql.crt
+
+rm ${DATADIR}/*.{csr,srl}

test/data/epgsql.crt

@@ -1,58 +1,52 @@
 Certificate:
     Data:
-        Version: 3 (0x2)
+        Version: 1 (0x0)
         Serial Number:
-            ac:08:5a:93:85:0b:91:16
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C = US, ST = California, L = San Francisco, O = lambdaWorks, CN = epgsql CA
+            34:7d:ee:46:60:3f:66:26:7f:c2:82:b8:00:91:ae:81:c8:9d:d3:92
+        Signature Algorithm: NULL
+        Issuer: CN = epgsql_test_cert
         Validity
-            Not Before: Mar 27 04:30:13 2009 GMT
-            Not After : Feb  3 04:30:13 2019 GMT
-        Subject: C = US, ST = California, L = San Francisco, O = lambdaWorks, CN = epgsql_test_cert
+            Not Before: Feb 17 03:59:45 2019 GMT
+            Not After : Feb 14 03:59:45 2029 GMT
+        Subject: CN = epgsql_test_cert
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:b1:9d:59:37:d1:e7:4a:aa:42:16:5b:34:de:58:
-                    91:e5:73:96:5c:a3:93:00:48:0a:b3:27:a7:c2:e0:
-                    79:91:e3:2f:92:b4:50:7c:f0:d6:44:fc:44:8a:6d:
-                    65:cd:38:3e:3a:e1:f9:2e:ef:69:b9:8b:80:c8:d4:
-                    d7:ed:1a:06:4b:56:38:eb:16:62:c4:13:4e:52:87:
-                    29:a4:a9:6b:55:6f:e1:fd:44:10:f6:48:79:78:56:
-                    3c:03:52:c3:03:1d:91:a2:5c:bd:e7:d3:6b:96:17:
-                    e3:6d:a5:e4:07:91:a7:1f:6a:fd:74:65:03:b4:9e:
-                    7b:9b:9e:30:94:57:71:07:a1
+                    00:e6:aa:51:89:cc:d1:51:2f:83:bd:54:9f:70:d1:
+                    8b:44:5d:df:f1:fb:8b:41:2c:1d:ad:82:fd:ac:73:
+                    68:77:85:37:24:8e:00:de:fa:c3:2e:c1:f7:d9:1b:
+                    5e:77:2a:c2:bb:5d:35:fd:16:0c:e1:00:54:d7:9d:
+                    7d:97:b3:b6:03:48:23:36:73:43:9a:d9:95:fe:25:
+                    de:15:74:d5:b0:90:b5:d3:90:13:0e:c4:6d:e0:d2:
+                    74:58:37:c9:57:98:56:c0:09:f7:1c:1e:55:48:2e:
+                    3a:a9:80:dc:fa:d0:61:f2:f4:fc:dd:c4:2d:5f:06:
+                    21:3c:8a:4f:b6:40:b9:b9:5e:df:06:a9:89:a6:04:
+                    79:e9:58:ee:a4:d3:97:f3:c3:30:c2:e6:e0:fc:29:
+                    f4:0f:db:4a:4a:02:77:72:fe:07:21:dc:c6:68:b0:
+                    cf:77:09:6c:62:61:e2:91:e8:c9:fb:cb:47:34:03:
+                    f8:1b:54:d5:22:28:14:e3:bc:b7:9a:32:92:6c:de:
+                    b0:14:2d:56:f6:9c:e3:58:1e:4c:23:79:33:22:e0:
+                    a8:36:24:c7:94:7c:b3:a9:26:4d:c2:44:6f:93:ce:
+                    90:a8:9c:1f:fb:ea:2b:e8:09:fa:2d:82:90:0a:c5:
+                    40:29:f2:4b:6e:03:37:8e:72:6c:01:57:80:2d:15:
+                    d0:cf
                 Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EE:4E:CD:35:A5:3B:76:A8:ED:80:32:B4:80:56:03:70:35:19:70:DA
-                DirName:/C=US/ST=California/L=San Francisco/O=lambdaWorks/CN=epgsql CA
-                serial:81:4C:F2:4F:EC:A0:BF:EA
-
-    Signature Algorithm: sha1WithRSAEncryption
-         78:72:9c:4d:ff:53:50:e2:a8:73:5f:f8:06:82:92:d5:68:1e:
-         5b:23:7d:7b:df:ae:1a:2e:a9:1e:d3:f3:89:31:0a:30:07:cc:
-         ce:aa:d7:cd:e0:6b:84:bd:36:12:de:ca:10:93:a2:20:e7:22:
-         85:25:52:0e:ef:d6:1f:70:4e:f5:c0:a0:ed:8d:c2:40:a9:49:
-         b2:14:9d:c8:fa:43:68:7a:27:ca:1b:5a:af:c1:0d:22:70:6d:
-         d3:dc:08:77:b8:ba:7f:0f:84:4a:64:88:42:b5:40:c3:26:e6:
-         1f:5d:fa:38:04:f2:6a:e0:19:95:cc:9e:fc:f0:e3:4a:2f:24:
-         73:8d
+    Signature Algorithm: NULL
 -----BEGIN CERTIFICATE-----
-MIIC6jCCAlOgAwIBAgIJAKwIWpOFC5EWMA0GCSqGSIb3DQEBBQUAMGQxCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp
-c2NvMRQwEgYDVQQKEwtsYW1iZGFXb3JrczESMBAGA1UEAxMJZXBnc3FsIENBMB4X
-DTA5MDMyNzA0MzAxM1oXDTE5MDIwMzA0MzAxM1owazELMAkGA1UEBhMCVVMxEzAR
-BgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFDASBgNV
-BAoTC2xhbWJkYVdvcmtzMRkwFwYDVQQDFBBlcGdzcWxfdGVzdF9jZXJ0MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxnVk30edKqkIWWzTeWJHlc5Zco5MASAqz
-J6fC4HmR4y+StFB88NZE/ESKbWXNOD464fku72m5i4DI1NftGgZLVjjrFmLEE05S
-hymkqWtVb+H9RBD2SHl4VjwDUsMDHZGiXL3n02uWF+NtpeQHkacfav10ZQO0nnub
-njCUV3EHoQIDAQABo4GcMIGZMIGWBgNVHSMEgY4wgYuAFO5OzTWlO3ao7YAytIBW
-A3A1GXDaoWikZjBkMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEW
-MBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIGA1UEChMLbGFtYmRhV29ya3MxEjAQ
-BgNVBAMTCWVwZ3NxbCBDQYIJAIFM8k/soL/qMA0GCSqGSIb3DQEBBQUAA4GBAHhy
-nE3/U1DiqHNf+AaCktVoHlsjfXvfrhouqR7T84kxCjAHzM6q183ga4S9NhLeyhCT
-oiDnIoUlUg7v1h9wTvXAoO2NwkCpSbIUncj6Q2h6J8obWq/BDSJwbdPcCHe4un8P
-hEpkiEK1QMMm5h9d+jgE8mrgGZXMnvzw40ovJHON
+MIICtjCCAZ4CFBGhejjyQW27C2G1sCW5QvdZjC+fMA0GCSqGSIb3DQEBCwUAMBQx
+EjAQBgNVBAMMCWVwZ3NxbCBDQTAeFw0xOTAyMTcwMzU5NDVaFw0yOTAyMTQwMzU5
+NDVaMBsxGTAXBgNVBAMMEGVwZ3NxbF90ZXN0X2NlcnQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDmqlGJzNFRL4O9VJ9w0YtEXd/x+4tBLB2tgv2sc2h3
+hTckjgDe+sMuwffZG153KsK7XTX9FgzhAFTXnX2Xs7YDSCM2c0Oa2ZX+Jd4VdNWw
+kLXTkBMOxG3g0nRYN8lXmFbACfccHlVILjqpgNz60GHy9PzdxC1fBiE8ik+2QLm5
+Xt8GqYmmBHnpWO6k05fzwzDC5uD8KfQP20pKAndy/gch3MZosM93CWxiYeKR6Mn7
+y0c0A/gbVNUiKBTjvLeaMpJs3rAULVb2nONYHkwjeTMi4Kg2JMeUfLOpJk3CRG+T
+zpConB/76ivoCfotgpAKxUAp8ktuAzeOcmwBV4AtFdDPAgMBAAEwDQYJKoZIhvcN
+AQELBQADggEBAGetUizPjbLeedUaPPvzSoYB42RSbzjRqr/3WxLNjmaWQ4oCFzR4
+eUjpjDtrmYpj/qHBlCBaHLgYX6wagf0dfXRBfdw/vI3bW0P6AzDrhEdiDukm3cQY
+skNDpYfgh88VBFGGtV4BAcJPX2GuTYoAOhxkgTT7jjlfA1U53T+IsInBMPkaWHw/
+pQ/8epvRoVGkmMefDx1AseB23xF5+I2l5WwbGyCHkz/gP+6wWS8XOMHnn/xEzDEG
+D3/Cg67xEshkYWPejTTSb9oAvfzrSynO2v7aTkPV6CqTYZ/66uXGPDRH84fUvfcK
+GRQJpMGmkLYobg1CGfgqMgYhxrlOjqdr80E=
 -----END CERTIFICATE-----

test/data/epgsql.key

@@ -1,15 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCxnVk30edKqkIWWzTeWJHlc5Zco5MASAqzJ6fC4HmR4y+StFB8
-8NZE/ESKbWXNOD464fku72m5i4DI1NftGgZLVjjrFmLEE05ShymkqWtVb+H9RBD2
-SHl4VjwDUsMDHZGiXL3n02uWF+NtpeQHkacfav10ZQO0nnubnjCUV3EHoQIDAQAB
-AoGARXSemvF+XPhPd6aa+gfwpaWZuwhMR+PkK0Lqm45ke+Q3ikrw3qrfX4K22tsE
-4EeKLkSHyQ7ebSxcZCy3c4SlyNES88wk7epGYbui4L0Iv/1WXfg1zIRqdNgBMr6M
-ZUZoUJx1gyRY2S3zGjTBn8b4Wh9EwsD0KTluvtH74DtLPQECQQDiLhIVasTsgKpn
-SoLVJ+UqpQ8oe17m4gHbwMOK2s+o479oKuAbmwgUX8U2waoncq06vG+x3gziVIOF
-Qkj6s6rZAkEAyQgfN01SoNOwp61Nis8TWeltqZdh0VHYqpu/ARfUpsTAWHGhc4eK
-Ee+J1DmxrUAP+s25Z640Ps9jNTugrWB2CQJBAJ+XyHTKQKdsZlC517VWEDLWAusa
-mi0pvgv0aUW5/Zr7EJ0M29M+wiW2Ke7oGgr5tNfkDKAhwU+WOLM3wUz8p4kCQQCr
-5zcSShtzDTINYCNjpElO5E3y7FEn9g4Jbd7550/fP3We66P8r5VAWw4IHUGy/Yns
-lIiLgSqJ3ztdZNy0BT1JAkEAhPz9yMZN7NBfdTjM1ebp4VirL8uQAdod/d3oRN87
-dqVxywRm4dZ4hMD2Fr6CuLsZylCQKEt1jNEfjZzRC4hR2g==
+MIIEpAIBAAKCAQEA5qpRiczRUS+DvVSfcNGLRF3f8fuLQSwdrYL9rHNod4U3JI4A
+3vrDLsH32RtedyrCu101/RYM4QBU1519l7O2A0gjNnNDmtmV/iXeFXTVsJC105AT
+DsRt4NJ0WDfJV5hWwAn3HB5VSC46qYDc+tBh8vT83cQtXwYhPIpPtkC5uV7fBqmJ
+pgR56VjupNOX88Mwwubg/Cn0D9tKSgJ3cv4HIdzGaLDPdwlsYmHikejJ+8tHNAP4
+G1TVIigU47y3mjKSbN6wFC1W9pzjWB5MI3kzIuCoNiTHlHyzqSZNwkRvk86QqJwf
+++or6An6LYKQCsVAKfJLbgM3jnJsAVeALRXQzwIDAQABAoIBAQDXBxM36I2Ap1Ci
+IM75dv3i37gydpIcUSnhZGliZ7uNH8yF8TLyqsVlQ0DvTUpEwMIDtCLuKa4b2hk9
+Xv2De+5DJO5ehhkRs6DV6SscyWujS2OVM4vwikD8AnSfAHJbjBHit+d6ePR7c00Q
+Uqat0bBdsvA/M/Av0yEMtMsWVURNflRMbZdQe1ojnXKhgtIS8XfIq7NfXKxaLDX0
+gFhMGBP/8xuxAR89UT27LjEkq0yfKhtYf4OHZDxGZHlAYUAlbMiA/nD/UD0ER8MC
+nY9zxJwlXmuTN5EbK74MQ9dnAlfGCF9TWIuUfb4mxuZ9aS+gaFDmrO6487Xzx03U
+PBqJhXlhAoGBAPRKSv1ZfuMgFrj/m3gp1cnGshejIgiCJeUW9TpZeZbI0rA3KQYm
+PHFS50VLCZkWrWFj9YhDTzqoNspHgOwrie+lr7f4RbJLLrw9Zxju95NkPLs8Symr
+sxkYflXP8CrXZ4ZX+Cl/R5Kcv+Akrij8AF4aBoZn7qdFkBjUgybjHxiZAoGBAPG4
+1U0cAzXlE0kzlwbqlpOz/kvPtz3yhiMQ0OVAzb4xxaCuZZnntxpm4TuKHYdBH6Fd
+zRGTa3ylvG22dmfm+4LdrmUoT62AJD9yvgelW7gfrRTm/1peGDdl8w0UJ3AR8SMn
+9Bw+w7luZkNqjnAEp22rVIdcPRz6qdEPm1ujFQ2nAoGAa8QmZrNHXYy3WW8xN4ZF
+EJk90V2e0uAPNYu2LMJx+AmpoCEFUPgnK9rluVTL7CPr4o3FMBJ5bifs27lFb2oZ
+lIWkCeVVYbz25gW0aHRq9TN/8x07Dyv2ezip6tMrYMrbmZFPIYdLnKrXnlqwFdZt
+lxWmET7iMhpm4f1Fyi7hdekCgYBSpegInXNbkh+t/72716n0hq6ELVlyDOJgSveh
+6y5twYbZEcgbf2bT2ClaujaucE3oVrIvOECgNerfeGuzyv5kGHfwjn/vysiaCRmA
+c8GQiwQbCYB13YZaKrmX1zRE1V2lr5t/rNYvKNg+ZMie9HhqvxH/1kHvDqXRnYx5
+IKGqMQKBgQC5ci+AvwZ2zTZidjawo4Uirt0qAAdGwSPsZ0bAPlCqhfdIF5MrtVMP
+c2f6lWcNdMUjxB57fCl4/iAJx1y+XNe2aFNSboR7fMahbuVmdA3fDiGhzpTg8P7P
+5lfoLWHdmg7ds1a2rOSnG1vg8dw3y8jYf4BpeoAPjty1IIK8tp9Olw==
 -----END RSA PRIVATE KEY-----

test/data/root.crt

@@ -2,62 +2,76 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            81:4c:f2:4f:ec:a0:bf:ea
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C = US, ST = California, L = San Francisco, O = lambdaWorks, CN = epgsql CA
+            0c:a9:bd:1c:41:26:e9:c1:39:48:13:e7:8b:30:f8:17:0a:80:9d:b1
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN = epgsql CA
         Validity
-            Not Before: Mar 27 03:52:34 2009 GMT
-            Not After : Feb  3 03:52:34 2019 GMT
-        Subject: C = US, ST = California, L = San Francisco, O = lambdaWorks, CN = epgsql CA
+            Not Before: Feb 17 03:59:45 2019 GMT
+            Not After : Feb 14 03:59:45 2029 GMT
+        Subject: CN = epgsql CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:bd:03:59:e5:ce:5d:24:45:ae:bf:cd:a4:4a:d4:
-                    33:7a:48:08:79:8a:20:4c:b6:28:51:f8:f0:9a:1d:
-                    1e:fb:b8:de:a3:b7:10:95:d7:a3:58:b7:94:b4:7e:
-                    36:0a:0c:68:1c:e8:21:a5:5d:9d:0a:3a:5d:26:dd:
-                    bb:5b:62:59:e0:1f:b8:48:a7:3d:28:dd:f3:b9:de:
-                    27:d7:25:4b:f6:8a:ac:ef:a3:0e:b3:fb:1b:b8:dd:
-                    db:01:72:01:1f:79:5b:f8:c3:54:7e:1a:94:68:1d:
-                    81:2c:05:11:05:2c:5b:81:05:21:19:c0:c7:94:4f:
-                    77:f5:76:4c:98:8d:ab:68:5b
+                    00:ec:8f:7a:c9:24:ed:3a:3b:23:01:69:2b:14:01:
+                    62:a6:4f:8f:53:9c:e5:61:59:b8:36:11:ad:c4:00:
+                    8f:e4:01:ff:b9:cf:29:f9:44:aa:30:87:d6:06:69:
+                    21:ec:f4:1c:dc:46:a2:14:af:e5:4a:bf:0f:0b:83:
+                    97:10:5d:f3:2c:c1:3b:07:90:56:5c:d6:dd:9d:17:
+                    20:0b:23:c9:e7:74:cb:3f:2e:c6:9e:6d:65:fc:b6:
+                    2c:4e:cc:96:c9:20:57:60:93:93:19:fa:bf:5f:3e:
+                    29:70:16:c8:38:41:ff:2a:2c:67:9a:19:57:12:20:
+                    24:fc:b0:0e:e3:cf:07:60:d7:ec:9e:43:3b:05:65:
+                    83:cf:58:f7:12:9d:fd:a4:1e:db:ea:99:90:d3:17:
+                    13:b7:68:0c:d6:c2:69:59:85:d2:96:a2:a7:3b:80:
+                    a4:4d:04:cd:c1:91:d5:37:da:30:32:47:90:d8:8c:
+                    3c:02:e4:ef:ba:e4:7d:40:66:63:54:96:1c:5c:2d:
+                    ac:52:38:52:05:38:1c:7d:67:a3:76:94:a5:34:e1:
+                    39:29:f0:90:67:6d:23:e3:0c:f0:22:5f:08:d2:00:
+                    4a:df:87:7c:a2:a8:81:41:a9:5f:33:d5:17:44:d2:
+                    ed:4c:13:c9:13:3b:0c:a3:6e:22:13:ae:ef:57:96:
+                    83:4b
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                EE:4E:CD:35:A5:3B:76:A8:ED:80:32:B4:80:56:03:70:35:19:70:DA
+                A0:EE:8E:BD:E7:E1:1E:DE:4E:96:30:C8:54:D4:A7:FC:12:24:59:4E
             X509v3 Authority Key Identifier: 
-                keyid:EE:4E:CD:35:A5:3B:76:A8:ED:80:32:B4:80:56:03:70:35:19:70:DA
-                DirName:/C=US/ST=California/L=San Francisco/O=lambdaWorks/CN=epgsql CA
-                serial:81:4C:F2:4F:EC:A0:BF:EA
+                keyid:A0:EE:8E:BD:E7:E1:1E:DE:4E:96:30:C8:54:D4:A7:FC:12:24:59:4E
 
-            X509v3 Basic Constraints: 
+            X509v3 Basic Constraints: critical
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         27:4c:04:ee:27:46:23:9b:6f:7c:8f:5b:9e:c6:65:74:33:40:
-         06:be:ca:e0:55:91:1c:9e:1c:77:27:82:03:4e:67:91:5d:14:
-         e4:74:b7:88:9e:49:d6:02:5b:71:94:b3:62:2a:5e:58:00:7d:
-         8c:42:09:db:ca:27:20:71:33:16:09:d2:17:36:d4:4f:63:09:
-         0a:48:80:d7:36:13:24:57:e3:7a:7e:25:4e:b8:f0:71:c6:34:
-         69:4e:e1:4b:5a:ec:b3:be:14:78:1e:af:85:b2:56:91:62:03:
-         6b:b2:85:2e:8e:ef:4b:5a:bf:ac:54:43:24:cb:0e:c6:f8:58:
-         b5:a1
+    Signature Algorithm: sha256WithRSAEncryption
+         54:72:93:5b:0b:38:a9:4c:de:31:1c:d7:7c:53:da:e5:c4:08:
+         86:e8:77:a1:73:9b:66:e0:94:e8:42:70:68:23:ab:64:19:85:
+         a4:c9:db:63:b5:94:f6:56:02:53:05:6c:be:65:a4:09:13:91:
+         5a:f6:58:ec:fd:88:e7:fe:7b:96:fa:74:8f:ea:b1:3d:43:17:
+         09:7e:54:4e:bf:6a:e8:3b:75:81:0b:12:93:02:e5:8a:22:d0:
+         b8:77:92:60:76:89:ab:41:55:5d:2d:21:b4:89:63:c7:58:d4:
+         aa:dc:af:23:52:b1:39:62:97:7e:39:7f:1c:24:f0:86:6c:d1:
+         9d:26:0d:c5:c9:c5:ae:74:58:c4:96:dc:91:2a:26:e2:cd:ea:
+         b8:50:e4:6b:8d:2c:21:e8:7a:f6:cd:b5:32:ea:34:30:41:71:
+         87:e4:91:9d:13:3c:95:bf:96:e3:7a:73:09:2a:db:15:cb:11:
+         1e:74:18:71:1e:7a:c7:59:c3:86:b9:b3:6a:e4:ba:d6:18:94:
+         96:00:3c:5e:39:43:37:d2:16:06:e0:7d:55:d9:64:cc:75:5c:
+         bb:4f:06:9a:f7:09:47:3e:94:5f:ca:d8:86:e5:3b:5d:05:3a:
+         ee:20:65:c2:29:bd:42:e3:80:b3:2c:dd:6f:ca:9e:df:9a:3b:
+         18:d9:78:3d
 -----BEGIN CERTIFICATE-----
-MIIDEDCCAnmgAwIBAgIJAIFM8k/soL/qMA0GCSqGSIb3DQEBBQUAMGQxCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp
-c2NvMRQwEgYDVQQKEwtsYW1iZGFXb3JrczESMBAGA1UEAxMJZXBnc3FsIENBMB4X
-DTA5MDMyNzAzNTIzNFoXDTE5MDIwMzAzNTIzNFowZDELMAkGA1UEBhMCVVMxEzAR
-BgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFDASBgNV
-BAoTC2xhbWJkYVdvcmtzMRIwEAYDVQQDEwllcGdzcWwgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAL0DWeXOXSRFrr/NpErUM3pICHmKIEy2KFH48JodHvu4
-3qO3EJXXo1i3lLR+NgoMaBzoIaVdnQo6XSbdu1tiWeAfuEinPSjd87neJ9clS/aK
-rO+jDrP7G7jd2wFyAR95W/jDVH4alGgdgSwFEQUsW4EFIRnAx5RPd/V2TJiNq2hb
-AgMBAAGjgckwgcYwHQYDVR0OBBYEFO5OzTWlO3ao7YAytIBWA3A1GXDaMIGWBgNV
-HSMEgY4wgYuAFO5OzTWlO3ao7YAytIBWA3A1GXDaoWikZjBkMQswCQYDVQQGEwJV
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEU
-MBIGA1UEChMLbGFtYmRhV29ya3MxEjAQBgNVBAMTCWVwZ3NxbCBDQYIJAIFM8k/s
-oL/qMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJ0wE7idGI5tvfI9b
-nsZldDNABr7K4FWRHJ4cdyeCA05nkV0U5HS3iJ5J1gJbcZSzYipeWAB9jEIJ28on
-IHEzFgnSFzbUT2MJCkiA1zYTJFfjen4lTrjwccY0aU7hS1rss74UeB6vhbJWkWID
-a7KFLo7vS1q/rFRDJMsOxvhYtaE=
+MIIDCTCCAfGgAwIBAgIUDKm9HEEm6cE5SBPnizD4FwqAnbEwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJZXBnc3FsIENBMB4XDTE5MDIxNzAzNTk0NVoXDTI5MDIx
+NDAzNTk0NVowFDESMBAGA1UEAwwJZXBnc3FsIENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA7I96ySTtOjsjAWkrFAFipk+PU5zlYVm4NhGtxACP5AH/
+uc8p+USqMIfWBmkh7PQc3EaiFK/lSr8PC4OXEF3zLME7B5BWXNbdnRcgCyPJ53TL
+Py7Gnm1l/LYsTsyWySBXYJOTGfq/Xz4pcBbIOEH/KixnmhlXEiAk/LAO488HYNfs
+nkM7BWWDz1j3Ep39pB7b6pmQ0xcTt2gM1sJpWYXSlqKnO4CkTQTNwZHVN9owMkeQ
+2Iw8AuTvuuR9QGZjVJYcXC2sUjhSBTgcfWejdpSlNOE5KfCQZ20j4wzwIl8I0gBK
+34d8oqiBQalfM9UXRNLtTBPJEzsMo24iE67vV5aDSwIDAQABo1MwUTAdBgNVHQ4E
+FgQUoO6OvefhHt5OljDIVNSn/BIkWU4wHwYDVR0jBBgwFoAUoO6OvefhHt5OljDI
+VNSn/BIkWU4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAVHKT
+Wws4qUzeMRzXfFPa5cQIhuh3oXObZuCU6EJwaCOrZBmFpMnbY7WU9lYCUwVsvmWk
+CRORWvZY7P2I5/57lvp0j+qxPUMXCX5UTr9q6Dt1gQsSkwLliiLQuHeSYHaJq0FV
+XS0htIljx1jUqtyvI1KxOWKXfjl/HCTwhmzRnSYNxcnFrnRYxJbckSom4s3quFDk
+a40sIeh69s21Muo0MEFxh+SRnRM8lb+W43pzCSrbFcsRHnQYcR56x1nDhrmzauS6
+1hiUlgA8XjlDN9IWBuB9VdlkzHVcu08GmvcJRz6UX8rYhuU7XQU67iBlwim9QuOA
+syzdb8qe35o7GNl4PQ==
 -----END CERTIFICATE-----

test/data/root.key

@@ -1,15 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC9A1nlzl0kRa6/zaRK1DN6SAh5iiBMtihR+PCaHR77uN6jtxCV
-16NYt5S0fjYKDGgc6CGlXZ0KOl0m3btbYlngH7hIpz0o3fO53ifXJUv2iqzvow6z
-+xu43dsBcgEfeVv4w1R+GpRoHYEsBREFLFuBBSEZwMeUT3f1dkyYjatoWwIDAQAB
-AoGBAKg3UUyayn47nfiJtgv6qw3LCe/RJEnhXCUIHmmqPSbeMxcVF6ej0HZme+ve
-34012XrQhRE9LUQrCThL4jDEaSLsZ64PY+XL0ZdNCS4RX6OHGp6EyHC1HNSHn8a2
-zQuAzBsBHM39h/EVid9m0acfcEuN7TYAKF+sH6qjEBiSAWdRAkEA5hnwRsecGht6
-ViW4uuwHadNrc19mMPpXxFtIb79ONH+FmUkSQ0pRNOkEVICC7yokZbnhxcxSb76k
-r3S7rDa8xQJBANJJgpzuxbF0/NTXl5aH1gcucpIp6XBJfRmn1DpFq3Y20qGPr+Ez
-SiiDaqxoYjYRQ6FJg26kWnonWPawsiXSIp8CQQDQuQazra10ISi/rEf9hszSuezm
-IstX8j5a51K1yxrtlB9kBFyEnY08KYK8BDbBK8EIZaze95BvvMc2QPVcKerhAkB+
-Qh7HBOHz827eiHd+rR5Hf47QzZNYlPck0UyulCgnuTDsSi5qw3XSL118GMxm9CSs
-EUx1wP6F+1wB+gNsi+e3AkAR39uESbaaVOZmh1Uvvz0RVckXlJOEPY8Rp6kxhFS2
-QBsWbMrb5jraFy54iCmj8o3stp+LjBBv4PFA0LKq4vIa
+MIIEowIBAAKCAQEA7I96ySTtOjsjAWkrFAFipk+PU5zlYVm4NhGtxACP5AH/uc8p
++USqMIfWBmkh7PQc3EaiFK/lSr8PC4OXEF3zLME7B5BWXNbdnRcgCyPJ53TLPy7G
+nm1l/LYsTsyWySBXYJOTGfq/Xz4pcBbIOEH/KixnmhlXEiAk/LAO488HYNfsnkM7
+BWWDz1j3Ep39pB7b6pmQ0xcTt2gM1sJpWYXSlqKnO4CkTQTNwZHVN9owMkeQ2Iw8
+AuTvuuR9QGZjVJYcXC2sUjhSBTgcfWejdpSlNOE5KfCQZ20j4wzwIl8I0gBK34d8
+oqiBQalfM9UXRNLtTBPJEzsMo24iE67vV5aDSwIDAQABAoIBAQC3aNcONO8pAsi1
+Q1D/BcPypiS98xt1Sxaj9TkAil8FrPcUnSYx+abqUacC+WgwS2RE9Q6dc3MXbOLB
+TplFO1JbFMYrqyEKghz4uwFBIdJc/hTHPAEKvE8ijCv2PHF8JvMYEdMvhVXzBkMi
+gMdjtuebTypUM+lqSDnlIKuqvM0/qyxEg5M5D3Va8O0JBeiWDEvcgBtH4aI0Rh7x
+stJCuaTletySR+gpGzXPl7wzK7ZJdqHGnt6t2eJjsah/YITFBPRACeG+bEPapN2G
+F0Bv56kDXj8N5qMp1+Lm4+fkLo/LvxBCjNYfwab4dWLfi3PcId4MI1Ib6llpDxxf
+51NK8VWBAoGBAPqTJKM2eFHnO+y+R/AXtmnGDNFm0VKivLdLUzrGutYvIMH5p+9w
+iFaXYgTCznijO45py4Ay/7l2YVc9j/xTldPmTlxpCwZ5ccr30C02TVzxyuIupy4Q
+R2JX0D9JzvpJqLO+Gxa56AMWymDdNYBZO12UU/qt2m101Xb3EBfxnyQbAoGBAPGu
+qNy1Dp27V77OsEnn9RUDVpk2pDg78f5YQfWdMTPUJuVKsO7QvYYfx7n+EIaz4ab+
+UU1+Eo3si6G+WnuIIvWgtM0T7k5u7rlLH+xj/RNJE4vm4jJlCZlTQkJT9zLQ5c7d
+Zwi4U3kZNyo/F+ym7EroAhPD+NQgTjJm56g/6jCRAoGADAhCyx+TeYNcCks80xeg
+Z8Xd2bRROuGbpEWWsozWbfCHZykg2kuSEG5mg4oDNiHIe1czMW3Bf9tiYzkOj/RH
+joxRmPhmUiJEx5VMxs8DugHWVzQcTQb1FpDW7CMUMEqXMkJftKCqtnNCtpIIvqgK
+RL0Zp0Dv6y+gDH1ipXOxy58CgYA5AEnBbE6bMxFZ5mO7uqKaJyRolHOc8756j5RW
++pEdOT9HOxuJ59+bX6l6m4qISqrA+SBx13dG0/CG4F903UHpjtK1v6qoAw/40dgg
+p+CLiOO8TmMxIZVm/TUWcblO2egppxxi+R5u5FyXcTQSU7hNXnUG9mScm1X2G0Et
+9I0mkQKBgAped5x4posxVqm+9YhiCGvBkUfX8OwkxskZPaZtioz2ehwf0CwCIgN3
+G2MKYH521wc0/2PuQDUKNfY8We5VaS83i+lAKBx5nvJ5o5oN1dv2114CUs7clXh0
++7Z2k83Ca2c4JKWDVMLg5ekg55vjms+9sJmHA25UCogq5/Q2SfOk
 -----END RSA PRIVATE KEY-----